> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Antony Stone
> Sent: Thursday, May 20, 2004 5:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Question regarding virus detection
>
>
> On Thursday 20 May 2004 9:13 pm, Jim Maul wrote:
>
> > Exactly, and after some more playing around, I found that I don't even have
> > to remove ALL of those lines.  I can leave them all in except the first
> > line which was "-----Original Message-----"
> >
> > If I remove that line, clamscan finds the virus in the message; if I put
> > that line back in the message, clamscan doesn't find the virus.
>
> That looks suspiciously to me like a MIME boundary marker (although I agree
> that in this context it isn't).
>
> I wonder if ClamAV is misinterpreting it in this way, and therefore doesn't
> see the real boundary markers for the infected attachment?
>

It was a nice thought, but that doesn't seem to be the case.  Playing around
with it again I noticed that it doesn't matter what the first line of the
message is.  It can actually just be a blank line and clamscan -m still will
not find the virus.  The second line in the message is a From: and it
appears that this MUST be the first line in the message.  If ANYTHING is
inserted before the From:, clamscan -m will not detect the virus.

Any more ideas?

Thanks,

Jim


